Bug 146258

Summary: problem when users are in more than 32 groups.
Product: Red Hat Enterprise Linux 3 Reporter: scott alley <scott>
Component: kernelAssignee: dff <dff>
Status: CLOSED DUPLICATE QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.0CC: peterm, petrides, riel
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-01-27 02:15:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description scott alley 2005-01-26 15:10:28 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.3)
Gecko/20040910

Description of problem:
Our server is file serving for a group of 8 companies.  Inherently,
the linux user security model involves user,group,others for file
access permissions and user/group ownership of files.  We have
accounting people who work for multiple companies.

I, as the administrator, need to be able to do what I want such as
browse directories or files.  I am in about sixty groups.  Others are
in many groups too, which were added to groups with a script running a
command of:
/usr/sbin/usermod -G gid,gid,gid,gid,... loginName
This allows asigning a user to groups efficiently.  We then run Samba
to expose shares at a company level with folders underneath.
IE. Samba exposes share Tecnica = /tecnica
/company              (assigned to group company)
/company/accounting   (assigned to group companyacctg)
/company/credit       (assigned to group companycredit)
/company/marketing    (assigned to group companymarketing)

Unfortunately the RHEL OS, only grabs the first 32 groups of a users'
group associations.  This makes some folders(and files) inaccessible
in a very random looking fashion.  I'm not sure if it is a kernel or
PAM security limitation.

I have confirmed this problem with Tech Support on 1/25/2005.  This is
an unacceptable limitation for an Enterprise Level Operating System. 
Please advise as to when this issue will be corrected.



Version-Release number of selected component (if applicable):
kernel-2.4.21-20

How reproducible:
Always

Steps to Reproduce:
1. Add a user to more than 32 groups.
2. Run a groups command for the userid > somefilename.txt
3. Try to access a directory owned by a group exceeding the 32nd group
listed in somefilename.txt.
4. The directory will be inaccessible.
    

Actual Results:  The directory is inaccessible.

Expected Results:  The directory should be accessible.

Additional info:
Comment 1 scott alley 2005-01-26 15:17:26 UTC 
The line above in the Bug Comments that reads:
Samba exposes share Tecnica = /tecnica
should have read Samba exposes share company = /company.

Sorry about that!
Scott Alley.
Comment 2 Ernie Petrides 2005-01-27 02:15:45 UTC 

*** This bug has been marked as a duplicate of 144671 ***